When it comes to fraudsters, the holiday season really is the most wonderful time of the year. That’s right, ’tis the season for fraud, and a recent survey of 125 of the nation’s biggest retailers predicted fraud attempts will rise 43% this year.
From the ancient art of pickpocketing to recent advances in RFID card skimming, financial criminals have always tried to swindle unwitting holiday shoppers.
For decades, the most high-tech form of fraud was cloning credit cards by swiping the magnetic stripe on the back and creating an identical card with a consumer’s name, card number, expiration date and CVV, which would allow criminals to swipe away at their store of choice.
With the arrival of EMV technology, chip cards make old-fashioned credit card cloning next to impossible. Still, the holiday season churns on, and that means inventive criminals continue to evolve and devise new forms of credit card fraud.
New Avenues for Fraud
As chip cards replace magnetic technology, criminals are starting to take advantage of shopping avenues where chip security provides no additional benefits.
Retailers nationwide have seen an uptick in fraud attempts where criminals purchase items online and immediately pick them up in store. By picking up an item in store, via first-class mail or in a next-day shipment, fraudsters can receive their stolen goods within minutes to hours of purchasing—long before a retailer has adequate time to fully vet a purchase.
As a result, card-not-present fraud jumped 20% during the massive holiday shopping weekend between Black Friday and Cyber Monday. For criminals looking to capitalize on lax security, Christmas Eve is expected to be the peak day for credit card fraud, with fraudulent attempts on Dec. 24 accounting for 2.5% of all fraud for the year. Other top days for fraud are Black Friday and Cyber Monday, which was predicted to have the highest transaction volume of the year.
This year’s financial criminals are purchasing pricey, big-name items that are popular on resale and auction sites, including Apple watches, Fitbits, cordless headphones, cosmetics, facial creams, Jordan sneakers and Dyson vacuums. While the average fraudulent transaction amount is expected to drop by 8%, down to $219 from last year’s $239, the reduction is largely due to alternative shipping methods like in-store pickup. Though credit card fraud remains a real threat to the holiday shopping season, it is important to note that North America’s fraud rate of 1.6% is still the lowest globally, compared to Africa’s rate of 4.3% and Europe and Asia’s rates of 3.6%.
The Arrival of EMV
As of August 2016, 1.7 million U.S. merchant locations were EMV-ready, which accounted for just 30% of the nation’s total card-acceptance base. As the market for magnetic-stripe credit cards dwindles, criminals are feverishly rushing to exploit the last remaining traditional credit card terminals and technology.
This predatory free-for-all is particularly dangerous for smaller merchants who are struggling to come up with the thousands of dollars necessary to upgrade their technology. Other vulnerable merchants include those who are waiting to get their EMV processor and network certifications, which must take place before chip-reading functions can become active.
While EMV cards do offer many security benefits, retailers are struggling to adapt to this new technology due to the additional time it takes to process transactions. In order to avoid long and cumbersome lines during last year’s holiday shopping season, some retailers waived their EMV capabilities to keep lines moving faster — to the detriment of customer security.
The slow adoption of EMV technology leaves security gaps because the standard was introduced as a “liability shift” instead of a government regulation, meaning merchants would be held accountable for any fraud that occurred in their stores unless they upgraded to EMV.
Beyond the cost of the upgrade and the time-consuming certification process, many businesses like bars and restaurants have struggled with the new regulations because EMV no longer enables customers to keep open tabs. Another blow to EMV is that many banks, rather than paying for the more costly PIN code storage, have opted for the far less secure chip-and-signature method instead of chip-and-PIN.
Open Season for Credit Card Fraud
This year, global retailers can expect to see a 12% increase in fraudulent activity compared to last year’s holiday shopping season. Instead of cloning credit card or debit card numbers, many fraudsters are accessing readily available personal information revealed in data breaches or on social media accounts. Since many consumers reuse passwords, a single hacked account or a password acquired during a breach can often lead to many purchases.
As criminals become more technically sophisticated, many are going after online merchant databases, attempting to engineer account takeovers. Once inside a merchant’s database, crooks can access any credit card a customer has stored in a retailer’s system, allowing criminals to order stolen goods and pick them up on the same day.
While consumers can prevent some fraud by using credit cards, keeping their wallets secure, tracking their transactions daily, and setting up spending alerts or credit freezes, a whole new breed of credit card scams is cropping up all over the internet.
Fraudsters Target Deal-Conscious Consumers
In a 2016 Holiday Shopping Survey, 23% of all respondents said they would risk becoming a victim of identity theft for a good Cyber Monday deal, while 46% said they weren’t concerned about identity theft this holiday season. Though consumers should be wary of deals on unknown websites that seem too good to be true, many budget-conscious shoppers find it hard to resist goods that are enticingly priced below market value.
These startling statistics shed some light on the popularity of consumer-targeted online fraud this year. Much of the fraud during the 2016 holiday shopping season is the result of social media links routing customers to malicious websites selling “brand-name” products at steep discounts.
To avoid bogus deals and fake websites impersonating well-known companies, and to keep real companies from being associated with fraudulent deals, consumers should take a few steps before buying: check for reviews from the Better Business Bureau; search for the words “fraud” or “scam” in relation to the particular website; look for the “s” at the end of “http” in the address to be sure the connection is secure; and check the stability of the URL at the bottom of the screen to make sure they are not being rerouted to a suspicious or fraudulent website.
To prevent fraud of all kinds, consumers and merchants should follow best practices by using SSL to establish an encrypted link between servers and browsers, which protects payment data in transit. Merchants and banks can add extra security by employing 3D Secure, the protocol used in products such as Verified by Visa, MasterCard SecureCode and Amex SafeKey.
Education Prevents Fraud
Making their debut alongside malicious websites and dubious social media links are games and apps designed to steal personal information from consumer devices. Before downloading an app from an unknown source, the FBI encourages consumers to look for spelling mistakes and third-party reviews to ensure the app is legitimate. Fake shopping apps designed to impersonate well-known retailers are also enticing consumers to give away their credit card information. When in doubt, don’t download. These fake apps can install malware on personal devices or trick consumers into providing personal financial information.
While consumers should be aware of fake emails, malicious pop-ups, fake secret shopper texts and websites luring them in with ultra-low prices, retailers can help educate the public about best practices when it comes to shopping online.
In addition to creating complex passwords and employing two-factor authentication, consumers should always read privacy policies to check for cookies and malware tracking data before downloading anything, keep their anti-virus software updated and never shop on public Wi-Fi. Email and social media accounts should be closely guarded against phishing scams, and smartphone digital wallets should always be password-protected.
The Best Offense is a Good Defense
For a merchant, particularly one who is in danger of being impersonated by an internet fraudster, an educated public is a powerful weapon against fraudulent shopping this holiday season. However, when it comes to keeping consumers safe from holiday credit card fraud, merchants and retailers can protect their customers, and their reputation, by employing the P2PE (point-to-point encryption) solutions offered by Bluefin, which encrypt consumer data from the moment a card is swiped to the moment it reaches its payment destination. To find out more about how state-of-the-art encryption services can keep you and your customers safe this holiday season, contact a Bluefin representative today.